In recent years, a system that provides data, upgrade software, and the like to users via a network has been proposed. Since these data and software often include important information, they must be protected from leakage, illicit copies, tampering, or the like.
As one of protection techniques, a MAC (message authentication code) authentication technique is known. MAC is authentication data of a short fixed length, which is generated by conventional encryption, and is normally sent while being appended to a message. This authentication technique is based on the premise that two entities A and B that engage with communications share key K. Upon sending a message from A to B, sending entity A calculates MAC=Ck(M) as a function of the message and the key, and sends the message together with the calculated MAC to receiving entity B. Receiving entity B makes an arithmetic operation of the received message using the same key and function as those used by sending entity A to calculate MAC for comparison. If the received MAC matches the calculated MAC, it is determined that the message is not tampered with or the like during sending.
According to a technique described in Japanese Patent Laid-Open No. 2002-152458, MAC is appended to whole original data such as firmware or the like, and the original data is encrypted. The obtained encrypted data is sent to a receiving terminal, which decrypts the encrypted data, and authenticates using the decrypted MAC. Then, the receiving terminal writes the decrypted data in a non-volatile ROM.
However, in the related art, authentication cannot be made unless all encrypted data in large quantity are received. In addition, the following problems are posed.
(1) A RAM area that can store all the encrypted data and all the decrypted data is required.
(2) In order to execute an authentication process, the MAC must be calculated using all the encrypted data, and it takes a long time to find tampering and the like.
(3) When the size of the original data is larger than the bank size of the non-volatile ROM, the original data cannot be written at the same time, and it complicates the writing program.
On the other hand, in the related art, when the aforementioned encrypted data is written in the non-volatile ROM as needed, the following problems are encountered.
(1) A RAM area that can store all the encrypted data is required.
(2) In order to execute an authentication process, the MAC must be calculated using all the encrypted data, and it takes a long time to find tampering and the like.
(3) Since write access to the non-volatile ROM is made as needed, if data has been tampered with, recovery requires much time.
(4) When the original data is larger than the bank size of the non-volatile ROM, the original data cannot be written at the same time, and it complicates the writing program.
It is, therefore, the object of this invention to solve the above and other problems. Note that other problems will be understood throughout the whole specification.